Productivity management on social networking sites is not the responsibility of the security professional.
Delivering a keynote speech at yesterday's (ISC)2 conference, Ray Stanton, global head of business continuity, security and governance at BT Global Services, claimed that it was one of the things that we had all been struggling with, but that ‘we are all hypocrites at the same time as we allow our HR and marketing to use it, but we on the security side say it is a risk and it is a problem'.
He said: “What we have to do is learn to deal with these. All we need to do with social networking sites is deal with it in an appropriate way. You can secure social networking activities, you can secure it as a company just like anything else.
“Is it easy? No. Can you do it just as easy as anything else? Yes. What we have got to do is take the challenge on and make those sites acceptable for use.”
Stanton asked the audience how many had blocked access to social networking sites, and why. One delegate responded that it was to do with productivity. Stanton said: “Since when did you take over my management of every single person, as a security person, to manage their productivity? Why are we the excuse for productivity management, why are we the excuse?
“It is not a security issue, it is productivity and that is line management issues, I do not want to hear about that. That is not a security business issue, that is a business issue.”
In a panel debate on future threats, Darren Harmer, senior pre-sales consultant at Tripwire, commented on young people's use of the internet and their lack of awareness when it comes to risk.
He said: “Some people coming in, they want to use Facebook and other cool things, but we as security people need to give them tools to be able to do it, the education to be able to do it in a secure way in a way that you can protect the business at the same time.”